Total: 2289 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4495 | 1 Kmc Controls | 2 Bac-5051e, Bac-5051e Firmware | 2016-06-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors. | |||||
| CVE-2016-1581 | 1 Canonical | 2 Lxd, Ubuntu Linux | 2016-06-10 | 2.1 LOW | 5.5 MEDIUM |
| LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors. | |||||
| CVE-2016-4502 | 1 Envirosys | 1 Esc 8832 Data Controller | 2016-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. | |||||
| CVE-2016-4501 | 1 Envirosys | 1 Esc 8832 Data Controller | 2016-06-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors. | |||||
| CVE-2016-2354 | 1 Lemurmonitors | 1 Bluedriver | 2016-05-31 | 8.0 HIGH | 8.8 HIGH |
| The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering. | |||||
| CVE-2016-0323 | 1 Ibm | 1 Bluemix | 2016-05-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors. | |||||
| CVE-2016-0731 | 1 Apache | 1 Ambari | 2016-05-18 | 4.0 MEDIUM | 4.9 MEDIUM |
| The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | |||||
| CVE-2016-3984 | 1 Mcafee | 7 Active Response, Agent, Data Exchange Layer and 4 more | 2016-05-18 | 3.6 LOW | 5.1 MEDIUM |
| The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys. | |||||
| CVE-2016-3162 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2016-04-22 | 6.5 MEDIUM | 8.1 HIGH |
| The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files. | |||||
| CVE-2015-5247 | 2 Canonical, Redhat | 2 Ubuntu Linux, Libvirt | 2016-04-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. | |||||
| CVE-2016-3985 | 1 Pulsesecure | 1 Pulse Connect Secure | 2016-04-18 | 3.3 LOW | 6.5 MEDIUM |
| The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2016-3165 | 1 Drupal | 1 Drupal | 2016-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-side form definition. | |||||
| CVE-2015-8681 | 1 Huawei | 4 Mate S, Mate S Firmware, P8 and 1 more | 2016-04-11 | 9.3 HIGH | 7.8 HIGH |
| The ovisp driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the camera permission, aka an "interface access control vulnerability." | |||||
| CVE-2015-8680 | 1 Huawei | 4 Mate S, Mate S Firmware, P8 and 1 more | 2016-04-11 | 9.3 HIGH | 7.8 HIGH |
| The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the graphics permission, aka an "interface access control vulnerability," a different vulnerability than CVE-2015-8307. | |||||
| CVE-2015-8307 | 1 Huawei | 4 Mate S, Mate S Firmware, P8 and 1 more | 2016-04-11 | 9.3 HIGH | 7.8 HIGH |
| The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the graphics permission, aka an "interface access control vulnerability," a different vulnerability than CVE-2015-8680. | |||||
| CVE-2016-2277 | 1 Rockwellautomation | 1 Integrated Architecture Builder | 2016-04-07 | 6.9 MEDIUM | 6.3 MEDIUM |
| IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file. | |||||
| CVE-2016-2272 | 1 Eaton Lighting Systems | 1 Eg2 Web Control | 2016-04-07 | 5.0 MEDIUM | 7.5 HIGH |
| Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie. | |||||
| CVE-2016-0289 | 1 Ibm | 1 Maximo Asset Management | 2016-04-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors. | |||||
| CVE-2015-1151 | 1 Apple | 1 Os X Server | 2016-04-01 | 5.0 MEDIUM | N/A |
| Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. | |||||
| CVE-2015-0531 | 1 Emc | 1 Sourceone Email Management | 2016-04-01 | 5.0 MEDIUM | N/A |
| EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
